General

  • Target

    cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118

  • Size

    32KB

  • Sample

    241206-gk3sxayqcp

  • MD5

    cb60d56de32e6e0f4d462df6c60238fd

  • SHA1

    b3602d7a5a7d2cda47fd21d24d696179d6ac29a8

  • SHA256

    7371c735226fecf029ad5cd1529c9fc6e83b98d85fa438a7dd4a374509a08500

  • SHA512

    4c89bcdaf1a4316badc99be44aa493e4fe9cde43626cf5c6e45c74e48f77281e477cb6850e8a022119364adeecac497260411adef06ee023437e32adb07c0a7f

  • SSDEEP

    768:HnPNjyTesi5y7i15F6jy076K3LPR2AfBmXaqWEL:HnPNFd5t3M20+6wpqA

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

cnctomecutie1337.mikeysyach.xyz

scanthembigbots.mikeysyach.xyz

Targets

    • Target

      cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118 (hashes as listed under General above)

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large number (29425) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Writes file to system bin folder
